magicsdevil

My HijackThis Log For Review [RESOLVED]


I have tons of popups and almost all of the web pages I try to go on won't load. The only way I can really get anywhere is by manually typing in a URL. The computer is really slow, too.

I use Windows XP on my desktop.

Here is my first hijackthis log.... thanks!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:11, on 2008-04-21

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\Documents and Settings\dcomito\lsass.exe

C:\windows\system32\jrwnw64m.exe

C:\WINDOWS\System32\Rundll32.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Tamagotchi\Dcu\TamaDcu.exe

C:\Program Files\nvcoi\nvcoi.exe

C:\Program Files\JavaCore\JavaCore.exe

C:\Documents and Settings\dcomito\Application Data\SpeedRunner\SpeedRunner.exe

C:\Documents and Settings\dcomito\Application Data\Microsoft\Windows\gvrbrm.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Documents and Settings\dcomito\Desktop\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\scntskdn.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe

O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\dcomito\lsass.exe

O4 - HKLM\..\Run: [{20-09-98-8B-DW}] C:\windows\system32\jrwnw64m.exe DWram

O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{a584bf79-1b32-0c42-3a0a-9ebe95ff9876}.dll" DllInit

O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\scntskdn.exe DWram

O4 - HKLM\..\Run: [94120924] rundll32.exe "C:\WINDOWS\system32\dcectnpd.dll",b

O4 - HKLM\..\Run: [bM97213ab8] Rundll32.exe "C:\WINDOWS\system32\ddlygjcy.dll",s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [TamaDcu] C:\Program Files\Tamagotchi\Dcu\TamaDcu.exe

O4 - HKCU\..\Run: [Vxsu] "C:\Documents and Settings\dcomito\My Documents\s?stem\m?iexec.exe"

O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe

O4 - HKCU\..\Run: [ffki] C:\PROGRA~1\COMMON~1\ffki\ffkim.exe

O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe

O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe

O4 - HKCU\..\Run: [speedRunner] C:\Documents and Settings\dcomito\Application Data\SpeedRunner\SpeedRunner.exe

O4 - HKCU\..\Run: [sfKg6wIP] C:\Documents and Settings\dcomito\Application Data\Microsoft\Windows\gvrbrm.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Documents and Settings\dcomito\Desktop\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')

O4 - Startup: AutoClick.lnk = C:\Program Files\AutoClick\AutoClick.exe

O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\scntskdn.exe

O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jrwnw64m.exe

O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: &Search - ?p=ZNxmk762YYUS

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Get all flash - C:\Program Files\Super Flash Player Manager\source.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Super Flash Player - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\Program Files\Super Flash Player Manager\source.html

O9 - Extra 'Tools' menuitem: &Super Flash Player - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\Program Files\Super Flash Player Manager\source.html

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.toontown.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab

O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab

O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096149243552

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4.cab

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/ballistik...gwebinstall.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.18.37/ttinst.cab

O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab

O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab

O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://www.dotphoto.com/XUpload.ocx

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326

O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test.toontown.com/sv1.0.18...est/tt_test.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{507F3853-9B5C-4D4A-9892-641A37F32119}: NameServer = 192.168.1.1

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--

End of file - 12889 bytes

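Added example, not part of the thread or of HijackThis itself: a small triage script that applies, to the "Running processes" and O4 lines of a log like the one above, the checks a reviewer makes by eye. The heuristics and their names are my own choices, not HijackThis or Malwarebytes logic: a core Windows binary name (lsass.exe, svchost.exe, csrss.exe ...) running from anywhere but System32, an executable in the Fonts directory or directly in a drive or profile root, a Run value whose name is a bare number or brace token, rundll32 loading a DLL named after a GUID, and a path containing characters the log could not render (the "?" in "s?stem\m?iexec.exe" is assumed to be a look-alike glyph standing in for system\msiexec.exe). The sample lines are copied from the log above. JavaCore.exe passes every check here even though Malwarebytes later identified it, which is the point of such a script: it shortens the list to read, it does not clear what it leaves.

```python
import re

# Core Windows processes whose only legitimate home on Windows XP is
# %SystemRoot%\System32; the same name anywhere else is a borrowed name.
CORE_SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe", "ctfmon.exe",
}
SYSTEM32 = r"c:\windows\system32"

# O4 registry autoruns: "O4 - <hive>\..\Run: [<value name>] <command>"
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>[^:]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\\S.*\.exe$", re.IGNORECASE)   # "Running processes" lines
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\documents and settings\\[^\\]+$")
EXT_RE = re.compile(r"\.(exe|dll|scr|cpl)\b", re.IGNORECASE)


def _first_token(cmd):
    """Split a command into its first argument and the rest. HijackThis prints
    unquoted paths with their spaces intact, so cut at the first file extension."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:], "") if end == -1 else (cmd[1:end], cmd[end + 1:].strip())
    m = EXT_RE.search(cmd)
    if m:
        return cmd[:m.end()], cmd[m.end():].strip()
    head, _, tail = cmd.partition(" ")
    return head, tail.strip()


def code_target(cmd):
    """Return (path, via_rundll32): the file that actually carries the code.
    rundll32.exe is Microsoft's own; what matters is the DLL in its first argument."""
    exe, rest = _first_token(cmd)
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe" and rest:
        dll, _ = _first_token(rest)
        return dll.split(",", 1)[0], True          # drop a trailing ",Export"
    return exe, False


def triage_path(path, via_rundll32=False):
    """Location and name heuristics for one file path; returns the findings."""
    findings = []
    norm = path.replace("\\\\", "\\").lower()     # the log sometimes doubles backslashes
    directory, _, base = norm.rpartition("\\")
    stem = base.rsplit(".", 1)[0]
    if base in CORE_SYSTEM_BINARIES and directory != SYSTEM32:
        findings.append("core-binary-name-outside-system32")
    if directory == r"c:\windows\fonts":
        findings.append("executable-in-fonts-directory")
    if re.fullmatch(r"[a-z]:", directory) or PROFILE_ROOT_RE.match(directory):
        findings.append("executable-in-drive-or-profile-root")
    # Assumption: HijackThis prints a character it cannot render as '?', so
    # "s?stem\m?iexec.exe" presumably uses look-alike glyphs for system\msiexec.exe.
    if "?" in norm or any(ord(ch) > 127 for ch in path):
        findings.append("disguised-characters-in-path")
    if via_rundll32 and GUID_RE.match(stem):
        findings.append("rundll32-loads-guid-named-dll")
    return findings


def triage_value_name(name):
    """Installers name Run values with words; a bare number, a brace token or
    mixed case with digits is the mark of a dropper (heuristic, tuned to this log)."""
    return ["random-looking-run-value-name"] if re.search(r"[{}]|\d", name) else []


def triage_log(text):
    """Walk a HijackThis log; return [(line, findings)] for every line that fires."""
    hits = []
    for line in text.splitlines():
        line, findings = line.strip(), []
        m = O4_RUN_RE.match(line)
        if m:
            findings += triage_value_name(m.group("name"))
            path, via = code_target(m.group("cmd"))
            findings += triage_path(path, via)
        elif PROCESS_RE.match(line):
            findings += triage_path(line)
        if findings:
            hits.append((line, findings))
    return hits


# Lines copied from the HijackThis log posted above (running-process lines and
# O4 entries), mixing legitimate software with the entries a reviewer questions.
SAMPLE_LOG = r'''
C:\WINDOWS\system32\lsass.exe
C:\Documents and Settings\dcomito\lsass.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\dcomito\lsass.exe
O4 - HKLM\..\Run: [{20-09-98-8B-DW}] C:\windows\system32\jrwnw64m.exe DWram
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{a584bf79-1b32-0c42-3a0a-9ebe95ff9876}.dll" DllInit
O4 - HKLM\..\Run: [94120924] rundll32.exe "C:\WINDOWS\system32\dcectnpd.dll",b
O4 - HKCU\..\Run: [Vxsu] "C:\Documents and Settings\dcomito\My Documents\s?stem\m?iexec.exe"
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
'''

if __name__ == "__main__":
    for line, findings in triage_log(SAMPLE_LOG):
        print(", ".join(findings), "<-", line)
```

Run as a script it prints seven flagged lines out of the ten; the two lsass.exe entries show why the check is on the directory, not the name: the System32 copy is the real LSA process, the profile copy is the one Malwarebytes later removed as BackDoor.Bot.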

Hi there, and welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

-Ryan


MALWAREBYTES' LOG

Malwarebytes' Anti-Malware 1.11

Database version: 672

Scan type: Full Scan (C:\|)

Objects scanned: 315577

Time elapsed: 1 hour(s), 56 minute(s), 40 second(s)

Memory Processes Infected: 3

Memory Modules Infected: 2

Registry Keys Infected: 29

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 7

Files Infected: 137

Memory Processes Infected:

c:\documents and settings\dcomito\application data\speedrunner\speedrunner.exe (Adware.SurfAccuracy) -> Unloaded process successfully.

C:\WINDOWS\system32\rwwnw64d.exe (Adware.ZeroSearch) -> Unloaded process successfully.

C:\WINDOWS\system32\scntskdn.exe (Adware.ZeroSearch) -> Unloaded process successfully.

Memory Modules Infected:

c:\WINDOWS\system32\{a584bf79-1b32-0c42-3a0a-9ebe95ff9876}.dll (Adware.Rotator) -> Unloaded module successfully.

c:\WINDOWS\system32\myss_sb.dll (Adware.BHO) -> Unloaded module successfully.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{a369a318-2ea7-d1ec-8728-234dbe3679ad} (Adware.Rotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a369a318-2ea7-d1ec-8728-234dbe3679ad} (Adware.Rotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3d87b50d-542a-45b6-96e9-f03cfaa8c962} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{3d87b50d-542a-45b6-96e9-f03cfaa8c962} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{6156a32a-c512-4e23-aa9a-2315f4265681} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6156a32a-c512-4e23-aa9a-2315f4265681} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1601d447-7424-4866-8dcc-acf98a2a41e1} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{c3c0ec2c-2c1c-495c-9ad0-1f0ef833d7b5} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63ab48c9-01a8-495c-8194-a715db8a37a2} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchassistant (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\MySidesearch (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\xInsIDE (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spa_start (Adware.Rotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{20-09-98-8B-DW} (Adware.ZeroSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExploreUpdSched (Adware.ZeroSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\Inet_Get_2 (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\axV (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ExTmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\IDE2 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pinz1 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bharebio18 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\dcomito\Application Data\speedrunner (Adware.SurfAccuracy) -> Delete on reboot.

Files Infected:

c:\WINDOWS\system32\{a584bf79-1b32-0c42-3a0a-9ebe95ff9876}.dll (Adware.Rotator) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\myss_sb.dll (Adware.BHO) -> Delete on reboot.

c:\documents and settings\dcomito\application data\speedrunner\speedrunner.exe (Adware.SurfAccuracy) -> Delete on reboot.

C:\WINDOWS\system32\rwwnw64d.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\scntskdn.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.

C:\csrss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\ctfmon.exe (BackDoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\dcomito\lsass.exe (BackDoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\dcomito\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Common Files\ffki\ffkid\class-barrel (Malware.Trace) -> Quarantined and deleted successfully.

C:\Program Files\Common Files\ffki\ffkid\vocabulary (Malware.Trace) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\onoes.exe.vir (Worm.Alcra) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\smss.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Documents and Settings\dcomito\Application Data\WinTouch\WTUninstaller.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\CPV\CPV8.dll.vir (Adware.Bestrevenue) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\Drmupgds\Drmupgds.exe.vir (Trojan.Stars) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\JavaCore\JavaCore.exe.vir (Trojan.Insider) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\nvcoi\nvcoi.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\Temporary\kernInst.exe.vir (Trojan.Winpop) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\b116.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\mrofinu72.exe.vir (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\uninstall_nmon.vbs.vir (Malware.Trace) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\ahuuxrcm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\alaot.dll.vir (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\kinufvaa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\yqwnglyp.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP595\A0240279.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP595\A0240283.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP597\A0242291.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP597\A0242294.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP597\A0242295.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP598\A0245294.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP598\A0245313.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP598\A0246315.exe (Trojan.Delf) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP598\A0246323.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP598\A0246325.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP598\A0246326.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP598\A0246328.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP598\A0247307.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP598\A0247311.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP616\A0279637.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP621\A0284906.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP622\A0286932.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP624\A0294937.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP630\A0298933.exe (Worm.Alcra) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP630\A0298937.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP630\A0298940.ico (Malware.Trace) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP631\A0298950.exe (Trojan.Winpop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP631\A0298959.exe (Worm.Alcra) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP631\A0298961.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP631\A0298962.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP631\A0298963.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP631\A0298966.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP660\A0311425.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0311474.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0311475.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0311478.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0311479.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0311482.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0311483.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0311493.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0311494.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0312493.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0312494.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0313494.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0313495.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0314494.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0314495.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0314497.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0314501.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0315485.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0315486.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0315496.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0315497.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0316494.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0316495.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0316496.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0316498.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0316499.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0316502.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0316505.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0317486.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP665\A0322643.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP665\A0322645.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP665\A0324651.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP665\A0324652.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP665\A0324653.exe (Trojan.Insider) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP665\A0324654.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP665\A0324655.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP665\A0324656.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP666\A0329661.exe (Adware.BHO) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP666\A0333672.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP666\A0333856.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP666\A0333858.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP668\A0335127.exe (Adware.BHO) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP668\A0335128.dll (Adware.BHO) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP668\A0335132.exe (Adware.BHO) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP669\A0337673.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP669\A0337677.dll (AdWare.CommAd) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP669\A0337678.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP669\A0337679.exe (AdWare.CommAd) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP669\A0337680.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP669\A0337681.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP669\A0338684.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP673\A0353809.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP673\A0353810.dll (Adware.Bestrevenue) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP673\A0353811.exe (Trojan.Insider) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP673\A0353815.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP673\A0353818.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP673\A0353819.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP673\A0353824.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\b138.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\b155.exe_old (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\b157.exe_old (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jownw64k.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jrwnw64m.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\LC1FA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mcntpkdn.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\myss_sb_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\_{a584bf79-1b32-0c42-3a0a-9ebe95ff9876}.dll (Adware.Rotator) -> Delete on reboot.

C:\WINDOWS\system32\axV\retmwav3.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bharebio18\bharebio182328.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\IDE2\mdllcom2.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pinz1\cegmgr76.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.

C:\Documents and Settings\dcomito\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

C:\Documents and Settings\dcomito\Application Data\speedrunner\SRUninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

C:\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gebbyvvu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ljjhgdcy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\dcomito\Start Menu\Programs\Startup\Deewoo.lnk (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\dcomito\Start Menu\Programs\Startup\DW_Start.lnk (Trojan.Agent) -> Quarantined and deleted successfully.


NEW HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:17, on 2008-04-22

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Tamagotchi\Dcu\TamaDcu.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: (no name) - {072D5F0C-CA1D-4B87-A4C2-348F0089458C} - (no file)

O2 - BHO: (no name) - {10BFF6B2-7553-43BD-9C93-6DC96E4C1DE5} - C:\WINDOWS\system32\hgGxyVPG.dll (file missing)

O2 - BHO: (no name) - {1B582B8C-433A-4420-ACA8-F768D313B0EB} - (no file)

O2 - BHO: (no name) - {3D37CBC8-5D26-07D0-0214-5200CECCDBBB} - C:\WINDOWS\system32\rsmaeztl.dll (file missing)

O2 - BHO: (no name) - {451CED79-11D8-4D6C-B3DA-96E43AF65533} - C:\WINDOWS\system32\opnmMecc.dll (file missing)

O2 - BHO: (no name) - {4ACC409F-CCDA-4BC4-BA39-AA98CCF0637A} - (no file)

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O2 - BHO: (no name) - {67678E09-5372-48A7-B044-37863861443A} - (no file)

O2 - BHO: (no name) - {6C858D3D-DC48-4D40-8A14-D8348DA008DD} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {85255ebb-c8e6-4ded-bfb5-28c008613ced} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: (no name) - {b91ed9fa-53a0-463e-81ba-f57f6285063b} - (no file)

O2 - BHO: (no name) - {F339E59C-DFF6-4AB7-A1F9-6399B96C91A2} - (no file)

O2 - BHO: (no name) - {FEAAB4DF-26A5-479A-B4A1-16D2A356D667} - (no file)

O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [TamaDcu] C:\Program Files\Tamagotchi\Dcu\TamaDcu.exe

O4 - HKCU\..\Run: [Vxsu] "C:\Documents and Settings\dcomito\My Documents\s?stem\m?iexec.exe"

O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe

O4 - HKCU\..\Run: [ffki] C:\PROGRA~1\COMMON~1\ffki\ffkim.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Documents and Settings\dcomito\Desktop\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')

O4 - Startup: AutoClick.lnk = C:\Program Files\AutoClick\AutoClick.exe

O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: &Search - ?p=ZNxmk762YYUS

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Get all flash - C:\Program Files\Super Flash Player Manager\source.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Super Flash Player - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\Program Files\Super Flash Player Manager\source.html

O9 - Extra 'Tools' menuitem: &Super Flash Player - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\Program Files\Super Flash Player Manager\source.html

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.toontown.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab

O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab

O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096149243552

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4.cab

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/ballistik...gwebinstall.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.18.37/ttinst.cab

O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab

O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab

O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://www.dotphoto.com/XUpload.ocx

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326

O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test.toontown.com/sv1.0.18...est/tt_test.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{507F3853-9B5C-4D4A-9892-641A37F32119}: NameServer = 192.168.1.1

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--

End of file - 12820 bytes


Open HiJack This and run a scan. Place a check against each of the following, making sure you get them all and not any others by mistake:

O2 - BHO: (no name) - {072D5F0C-CA1D-4B87-A4C2-348F0089458C} - (no file)

O2 - BHO: (no name) - {10BFF6B2-7553-43BD-9C93-6DC96E4C1DE5} - C:\WINDOWS\system32\hgGxyVPG.dll (file missing)

O2 - BHO: (no name) - {1B582B8C-433A-4420-ACA8-F768D313B0EB} - (no file)

O2 - BHO: (no name) - {3D37CBC8-5D26-07D0-0214-5200CECCDBBB} - C:\WINDOWS\system32\rsmaeztl.dll (file missing)

O2 - BHO: (no name) - {451CED79-11D8-4D6C-B3DA-96E43AF65533} - C:\WINDOWS\system32\opnmMecc.dll (file missing)

O2 - BHO: (no name) - {4ACC409F-CCDA-4BC4-BA39-AA98CCF0637A} - (no file)

O2 - BHO: (no name) - {67678E09-5372-48A7-B044-37863861443A} - (no file)

O2 - BHO: (no name) - {6C858D3D-DC48-4D40-8A14-D8348DA008DD} - (no file)

O2 - BHO: (no name) - {85255ebb-c8e6-4ded-bfb5-28c008613ced} - (no file)

O2 - BHO: (no name) - {b91ed9fa-53a0-463e-81ba-f57f6285063b} - (no file)

O2 - BHO: (no name) - {F339E59C-DFF6-4AB7-A1F9-6399B96C91A2} - (no file)

O2 - BHO: (no name) - {FEAAB4DF-26A5-479A-B4A1-16D2A356D667} - (no file)

O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)

O4 - HKCU\..\Run: [Vxsu] "C:\Documents and Settings\dcomito\My Documents\s?stem\m?iexec.exe"

O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe

Click on Fix Checked when finished and exit HijackThis.

Please download the OTMoveIt2 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the following item: purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

-Ryan

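The entries Ryan picks out above follow a few recognisable patterns: O2/O3 registrations whose CLSID points at no file, an O4 autorun whose path HijackThis can only render with '?' placeholders, and (in the first log) a copy of lsass.exe living in a user profile. The following triage script is an added example, not part of this thread or of HijackThis itself; it parses pasted log lines and flags exactly those three patterns. The sample log is constructed from lines quoted in this thread.

```python
"""Triage helper for HijackThis v2 logs (added example, not the thread's own tool)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List, Optional

# Markers HijackThis prints when a registered BHO/toolbar has no backing file.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Core Windows XP binaries that legitimately live only under system32.
# A copy anywhere else (e.g. C:\Documents and Settings\<user>\lsass.exe,
# or C:\services.exe) is a classic name masquerade.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM_DIR = "c:\\windows\\system32\\"

# "O2 - BHO: ..." / "R1 - HKLM\..." -> section code and the rest of the line.
SECTION_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
# First Windows path ending in an executable/library. Non-greedy so that a
# trailing ' -lang 1033' or ' (file missing)' is not swallowed into the path.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx|cab|lnk)", re.IGNORECASE)
PROCESS_LINE_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass(frozen=True)
class Finding:
    section: str   # "O2", "O4", ... or "PROC" for the running-processes block
    path: str      # extracted path, or "" when the entry has none
    reason: str
    line: str


def _path_of(text: str) -> Optional[str]:
    m = PATH_RE.search(text)
    return m.group(0) if m else None


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def classify_line(line: str) -> List[Finding]:
    """Return every reason (possibly none) why this log line deserves a look."""
    line = line.strip()
    m = SECTION_RE.match(line)
    if m:
        section, body = m.group("section"), m.group("body")
    elif PROCESS_LINE_RE.match(line):
        section, body = "PROC", line          # bare path in "Running processes:"
    else:
        return []                             # header, blank line, "--", etc.

    path = _path_of(body)
    reasons = []
    if section in ("O2", "O3") and any(mk in body for mk in ORPHAN_MARKERS):
        reasons.append("orphaned BHO/toolbar registration (no file on disk)")
    if path and "?" in path:
        reasons.append("path contains characters HijackThis could not render")
    if path and _basename(path) in SYSTEM_BINARIES \
            and not path.lower().startswith(SYSTEM_DIR):
        reasons.append("system binary name outside the system directory")
    return [Finding(section, path or "", r, line) for r in reasons]


def review_log(text: str) -> List[Finding]:
    """Run classify_line over a whole pasted log, preserving log order."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        findings.extend(classify_line(raw))
    return findings


# Constructed sample: a handful of lines quoted from the logs in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Documents and Settings\dcomito\lsass.exe
C:\WINDOWS\system32\svchost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {10BFF6B2-7553-43BD-9C93-6DC96E4C1DE5} - C:\WINDOWS\system32\hgGxyVPG.dll (file missing)
O2 - BHO: (no name) - {072D5F0C-CA1D-4B87-A4C2-348F0089458C} - (no file)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Vxsu] "C:\Documents and Settings\dcomito\My Documents\s?stem\m?iexec.exe"
"""

if __name__ == "__main__":
    for f in review_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The script only points a human reviewer at entries worth checking; it does not decide that an entry is malicious, and a legitimate-looking entry can still be bad.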

Rerun the OTMI2 instructions, this time pasting in the following: C:\Documents and Settings\dcomito\My Documents\s?stem\ /u

Once you've done that, please complete the following:

== Clear Temporary Files ==

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

  • Close all Internet Explorer, Firefox, and Opera windows before continuing.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

== Clear System Restore ==

Let's make a new restore point and clear the others:

  • Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.
  • Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point. Please do this for each hard drive that you have connected to the computer.

Please reboot your computer before continuing.

== Kaspersky Web Scanner ==

Please do an online scan with Kaspersky WebScanner

You will need to use Internet Explorer to do this

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available, otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

== Request Logs ==

Please post the log from the Kaspersky scan, along with a new HiJack This log and an uninstall list, and let me know how the computer is running.

To obtain an Uninstall list:

  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)

-Ryan


New HiJackThis Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:02, on 2008-04-23

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Tamagotchi\Dcu\TamaDcu.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [TamaDcu] C:\Program Files\Tamagotchi\Dcu\TamaDcu.exe

O4 - HKCU\..\Run: [ffki] C:\PROGRA~1\COMMON~1\ffki\ffkim.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Documents and Settings\dcomito\Desktop\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')

O4 - Startup: AutoClick.lnk = C:\Program Files\AutoClick\AutoClick.exe

O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: &Search - ?p=ZNxmk762YYUS

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Get all flash - C:\Program Files\Super Flash Player Manager\source.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Super Flash Player - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\Program Files\Super Flash Player Manager\source.html

O9 - Extra 'Tools' menuitem: &Super Flash Player - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\Program Files\Super Flash Player Manager\source.html

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.toontown.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab

O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab

O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096149243552

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4.cab

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/ballistik...gwebinstall.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.18.37/ttinst.cab

O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab

O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab

O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://www.dotphoto.com/XUpload.ocx

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326

O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test.toontown.com/sv1.0.18...est/tt_test.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{507F3853-9B5C-4D4A-9892-641A37F32119}: NameServer = 192.168.1.1

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--

End of file - 11512 bytes


uninstall_list.txt

.sol Editor 1.1.0.1

6000 Sound Effects

Adobe Flash Player 9 ActiveX

Adobe Flash Player 9 ActiveX

Adobe Flash Player ActiveX

Adobe Photoshop 7.0

Adobe Reader 8

Adobe Shockwave Player

Advanced GIF Animator 2.23

AGEIA PhysX v7.07.24

Armagetron Advanced 0.2.8.2.1.gcc

Audio Recorder for FREE v10.2

BannedStory

Canon CanoScan Toolbox 4.1

Canon i960

Canon Utilities Easy-PhotoPrint

Canon Utilities Easy-PhotoPrint Plus

Canon Utilities PhotoStitch 3.1

Crashday

Crazy Machines

Crazy Machines II Demo

Delta Force

DIG Game Manager

Digital Media Converter 2.62

Disney Pirates of the Caribbean Online

Disney's Toontown Online

Disney's Toontown Online Test Server

Dream Flashsee v1.3

Easy GIF Animator 4.4

ebgcInfra

ebgcRes

ebgcRes

ebgcSDK

Enhancement Browser Tools Gooochi

Frames

Fraps

Frets On Fire

Game Maker 7.0

Google Earth

Google SketchUp 6

Google SketchUp 6

Google Talk (remove only)

Google Toolbar for Firefox

Google Toolbar for Internet Explorer

Google Toolbar for Internet Explorer

GTA2

Guild Wars

Hang Reporting Tool

Hard Disk Scrubber v2.1

HijackThis 2.0.2

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

HyperCam 2

Intel® Extreme Graphics 2 Driver

J2SE Runtime Environment 5.0 Update 7

J2SE Runtime Environment 5.0 Update 9

Java SE Runtime Environment 6 Update 1

KartRider

Kaspersky Online Scanner

KODAK EASYSHARE Gallery Upload ActiveX Control

LEGO Digital Designer

LimeWire 4.16.7

Lyra Jukebox Applications

Macromedia Dreamweaver 8

Macromedia Extension Manager

Macromedia Fireworks 8

Macromedia Flash 8

Macromedia Flash 8 Video Encoder

Macromedia Flash Player 8

Macromedia Flash Player 8 Plugin

Macromedia FlashPaper 2

Macromedia FreeHand MXa

Malwarebytes' Anti-Malware

MapleStory

Marble Blast Gold

Mario Forever v 2.16 !

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Digital Image Suite 10

Microsoft GIF Animator

Microsoft Halo

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft IT Smartcard Utilities

Microsoft National Language Support Downlevel APIs

Microsoft Office FrontPage 2003

Microsoft Office Professional Edition 2003

Microsoft Platform SDK (R2) (3790.2075)

Microsoft Revenge of Arcade

Microsoft Rise Of Nations

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Express Edition - ENU

Mini Python Pack 1.5.1

MonkeyJam 3_050529

Mozilla Firefox (2.0.0.4)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 Parser and SDK

MSXML4 Parser

Musicmatch® Jukebox

Norton Security Scan

PangYa (NtreevSoft)

Penguin Racers

Picasa 2

Pirates of the Caribbean Online's Desktop Galleon

Pivot Stickfigure Animator

project dogwaffle

Project64 1.6

Quartz AudioMaster Freeware

QuickTime

RasPatch

Reaction Engine SDK Demo (remove only)

RealArcade

RealPlayer

Realtek AC'97 Audio

Rhapsody Player Engine

Rhapsody Player Engine

Ricochet Lost Worlds

Ricochet Lost Worlds Recharged

SAPI 5.1

SecondLife (remove only)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937894)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB941644)

Security Update for Windows XP (KB941693)

Security Update for Windows XP (KB943055)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB943485)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB945553)

Security Update for Windows XP (KB946026)

Security Update for Windows XP (KB948590)

Security Update for Windows XP (KB948881)

Shrek® SuperSlam

Snail Mail

Snail Mail (remove only)

Soldier Front

STOIK Video Converter 2

Stop Motion Pro v6 Trial

Super Flash Player Manager 2.18

SuperVideoCap V5.5 Build 1800

Tamagotchi

The Games Factory 2

ThinkTanks Demo (remove only)

Tiny Trucks

Toribash 3.1

Torque Game Engine Demo (remove only)

Torque Warzone Demo (remove only)

TurboDemo 7.5 - Trial

U.B. Funkeys

Update for Windows XP (KB894391)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB908531)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB929338)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

VIA Rhine-Family Fast Ethernet Adapter

VIDEO GAME TYCOON : Gold Edition

WarRock

Winamp (remove only)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player 11

Windows Rights Management client

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885884

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

WinRAR archiver

Xenolith & [email protected]

Xfire (remove only)

Yahoo! Browser Services

Yahoo! Install Manager

Yahoo! Internet Mail

Yahoo! Messenger

Yahoo! Toolbar


Please go to UploadMalware to upload a suspicious file for analysis.

  • Enter your username from this forum
  • Copy and paste the link to this thread
  • In the first box for files to submit, copy and paste the following: C:\PROGRA~1\COMMON~1\ffki\ffkim.exe
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File

1. Please open Notepad

  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::

C:\MapleDream\MapleDreamT003.exe

C:\Program Files\Delta Force Land Warrior\DFLWSetup-dm.exe

C:\Program Files\MonsterTruckStuntRallySetup-dm.exe

C:\Program Files\Project64 1.6\Plugin\Jabo_Dsound.dll

C:\Program Files\RCT2TripleThrillSetup-dm.exe

C:\Program Files\SnailMailSetup-dm.exe

C:\Program Files\WormsFortsSetup-dm.exe

C:\WINDOWS\system32\g88.exe

C:\WINDOWS\system32\LD4D6.tmp

Folder::

C:\_\

C:\Documents and Settings\dcomito\My Documents\LimeWire\

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

  • Combofix.txt
  • A new HijackThis log.

-Ryan


When I did this:

Please go to UploadMalware to upload a suspicious file for analysis.

Enter your username from this forum

Copy and paste the link to this thread

In the first box for files to submit, copy and paste the following: C:\PROGRA~1\COMMON~1\ffki\ffkim.exe

In the comments, please mention that I asked you to upload this file

Click on Send File

I got this back:

Your file (ffkim.exe) was 0 bytes and could not be uploaded. Please try disabling any anti-virus software and trying the upload again.Your file () was 0 bytes and could not be uploaded. Please try disabling any anti-virus software and trying the upload again.


If you have not yet run ComboFix, please download a new copy before proceeding, and use the following as the script:

File::

C:\MapleDream\MapleDreamT003.exe

C:\Program Files\Delta Force Land Warrior\DFLWSetup-dm.exe

C:\Program Files\MonsterTruckStuntRallySetup-dm.exe

C:\Program Files\Project64 1.6\Plugin\Jabo_Dsound.dll

C:\Program Files\RCT2TripleThrillSetup-dm.exe

C:\Program Files\SnailMailSetup-dm.exe

C:\Program Files\WormsFortsSetup-dm.exe

C:\WINDOWS\system32\g88.exe

C:\WINDOWS\system32\LD4D6.tmp

C:\PROGRA~1\COMMON~1\ffki\ffkim.exe

Folder::

C:\_\

C:\Documents and Settings\dcomito\My Documents\LimeWire\

The rest of the instructions regarding it remain the same.

-Ryan


HiJackThis Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:22:59 PM, on 4/23/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Tamagotchi\Dcu\TamaDcu.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [TamaDcu] C:\Program Files\Tamagotchi\Dcu\TamaDcu.exe

O4 - HKCU\..\Run: [ffki] C:\PROGRA~1\COMMON~1\ffki\ffkim.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Documents and Settings\dcomito\Desktop\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')

O4 - Startup: AutoClick.lnk = C:\Program Files\AutoClick\AutoClick.exe

O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: &Search - ?p=ZNxmk762YYUS

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Get all flash - C:\Program Files\Super Flash Player Manager\source.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Super Flash Player - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\Program Files\Super Flash Player Manager\source.html

O9 - Extra 'Tools' menuitem: &Super Flash Player - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\Program Files\Super Flash Player Manager\source.html

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.toontown.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab

O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab

O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096149243552

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4.cab

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/ballistik...gwebinstall.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.18.37/ttinst.cab

O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab

O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab

O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://www.dotphoto.com/XUpload.ocx

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326

O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test.toontown.com/sv1.0.18...est/tt_test.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{507F3853-9B5C-4D4A-9892-641A37F32119}: NameServer = 192.168.1.1

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--

End of file - 11460 bytes

If you have not yet run ComboFix, please download a new copy before proceeding, and use the following as the script:

File::

C:\MapleDream\MapleDreamT003.exe

C:\Program Files\Delta Force Land Warrior\DFLWSetup-dm.exe

C:\Program Files\MonsterTruckStuntRallySetup-dm.exe

C:\Program Files\Project64 1.6\Plugin\Jabo_Dsound.dll

C:\Program Files\RCT2TripleThrillSetup-dm.exe

C:\Program Files\SnailMailSetup-dm.exe

C:\Program Files\WormsFortsSetup-dm.exe

C:\WINDOWS\system32\g88.exe

C:\WINDOWS\system32\LD4D6.tmp

C:\PROGRA~1\COMMON~1\ffki\ffkim.exe

Folder::

C:\_\

C:\Documents and Settings\dcomito\My Documents\LimeWire\

The rest of the instructions regarding it remain the same.

-Ryan

I had already run ComboFix prior to reading this. Should I do it again?


1. Please open Notepad

  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::

C:\WINDOWS\system32\mrwfhtui.ini

C:\WINDOWS\system32\g7.exe

C:\WINDOWS\system32\wvbjiohp.ini

C:\WINDOWS\system32\yyvwxnah.ini

C:\WINDOWS\system32\yfciidcn.ini

C:\18.bat

C:\Documents and Settings\dcomito\4459.bat

C:\42.bat

C:\Documents and Settings\dcomito\3723.bat

C:\460.bat

C:\Documents and Settings\dcomito\4238.bat

C:\371.bat

C:\Documents and Settings\dcomito\1430.bat

C:\52.bat

C:\Documents and Settings\dcomito\8679.bat

C:\WINDOWS\BM97213ab8.xml

C:\602.bat

C:\Documents and Settings\dcomito\2436.bat

C:\128.bat

C:\Documents and Settings\dcomito\7164.bat

C:\498.bat

C:\Documents and Settings\dcomito\5712.bat

C:\824.bat

C:\PROGRA~1\COMMON~1\ffki\ffkim.exe

Driver::

smp_lpt.sys

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif

5. After reboot, (in case it asks to reboot), please post the latest ComboFix report.

-Ryan


New ComboFix Log

ComboFix 08-04-20.2 - dcomito 2008-04-23 20:00:06.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.252 [GMT -7:00]

Running from: C:\Documents and Settings\dcomito\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\dcomito\Desktop\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\128.bat

C:\18.bat

C:\371.bat

C:\42.bat

C:\460.bat

C:\498.bat

C:\52.bat

C:\602.bat

C:\824.bat

C:\Documents and Settings\dcomito\1430.bat

C:\Documents and Settings\dcomito\2436.bat

C:\Documents and Settings\dcomito\3723.bat

C:\Documents and Settings\dcomito\4238.bat

C:\Documents and Settings\dcomito\4459.bat

C:\Documents and Settings\dcomito\5712.bat

C:\Documents and Settings\dcomito\7164.bat

C:\Documents and Settings\dcomito\8679.bat

C:\PROGRA~1\COMMON~1\ffki\ffkim.exe

C:\WINDOWS\BM97213ab8.xml

C:\WINDOWS\system32\g7.exe

C:\WINDOWS\system32\mrwfhtui.ini

C:\WINDOWS\system32\wvbjiohp.ini

C:\WINDOWS\system32\yfciidcn.ini

C:\WINDOWS\system32\yyvwxnah.ini

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\128.bat

C:\18.bat

C:\371.bat

C:\42.bat

C:\460.bat

C:\498.bat

C:\52.bat

C:\602.bat

C:\824.bat

C:\Documents and Settings\dcomito\1430.bat

C:\Documents and Settings\dcomito\2436.bat

C:\Documents and Settings\dcomito\3723.bat

C:\Documents and Settings\dcomito\4238.bat

C:\Documents and Settings\dcomito\4459.bat

C:\Documents and Settings\dcomito\5712.bat

C:\Documents and Settings\dcomito\7164.bat

C:\Documents and Settings\dcomito\8679.bat

C:\Documents and Settings\dcomito\Local Settings\Temporary Internet Files\CPV.stt

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\CPV.stt

C:\WINDOWS\b.exe

C:\WINDOWS\BM97213ab8.xml

C:\WINDOWS\system32\g7.exe

C:\WINDOWS\system32\mrwfhtui.ini

C:\WINDOWS\system32\wvbjiohp.ini

C:\WINDOWS\system32\yfciidcn.ini

C:\WINDOWS\system32\yyvwxnah.ini

.

((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))

.

2008-04-23 12:59 . 2008-04-23 12:59 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-04-23 12:59 . 2008-04-23 12:59 <DIR> d-------- C:\WINDOWS\LastGood

2008-04-23 12:59 . 2008-04-23 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-04-22 20:38 . 2008-04-22 20:38 <DIR> d-------- C:\_OTMoveIt

2008-04-22 16:11 . 2008-04-22 16:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-04-22 16:11 . 2008-04-22 16:11 <DIR> d-------- C:\Documents and Settings\dcomito\Application Data\Malwarebytes

2008-04-22 16:11 . 2008-04-22 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-04-22 16:08 . 2008-04-22 16:08 1,546,928 --a------ C:\Program Files\mbam-setup.exe

2008-04-21 17:11 . 2008-04-21 17:11 <DIR> d-------- C:\Program Files\Trend Micro

2008-04-19 09:30 . 2008-04-19 09:30 7,652 ---hs---- C:\Folder.jpg

2008-04-19 09:30 . 2008-04-19 09:30 7,652 ---hs---- C:\AlbumArt_{26DE6AEC-984D-4D45-A6FE-DC6FAA198BAD}_Large.jpg

2008-04-19 09:30 . 2008-04-19 09:30 2,387 ---hs---- C:\AlbumArtSmall.jpg

2008-04-19 09:30 . 2008-04-19 09:30 2,387 ---hs---- C:\AlbumArt_{26DE6AEC-984D-4D45-A6FE-DC6FAA198BAD}_Small.jpg

2008-04-19 09:30 . 2008-04-19 09:30 362 ---hs---- C:\desktop.ini

2008-04-18 23:46 . 2008-04-22 16:15 63,893 --a------ C:\WINDOWS\system32\{a584bf79-1b32-0c42-3a0a-9ebe95ff9876}.dll-uninst.exe

2008-04-18 22:12 . 2008-04-18 22:14 3,956,390 --a------ C:\Soundgarden - Spoonman.mp3

2008-04-18 22:08 . 2008-04-18 22:09 <DIR> d-------- C:\Program Files\LimeWire

2008-04-17 23:42 . 2008-04-17 23:42 <DIR> d-------- C:\Documents and Settings\dcomito\Application Data\SUPERAntiSpyware.com

2008-04-17 23:42 . 2008-04-17 23:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-04-16 01:30 . 2008-04-16 18:23 538 --a------ C:\WINDOWS\wininit.ini

2008-04-15 23:25 . 2008-04-22 16:05 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-04-15 23:25 . 2008-04-22 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-04-15 19:37 . 2008-04-15 19:37 9,662 --a------ C:\WINDOWS\system32\vaio3-011.ico

2008-04-15 11:49 . 2008-04-15 11:49 13,942 --a------ C:\WINDOWS\system32\iphone-011.ico

2008-04-15 08:00 . 2008-04-15 08:01 2,623,619 --a------ C:\Wolfmother - Woman.mp3

2008-04-14 23:53 . 2008-04-14 23:53 9,662 --a------ C:\WINDOWS\system32\iphone-6y.ico

2008-04-14 20:33 . 2008-04-14 20:34 3,136,783 --a------ C:\David Bowie - Ziggy Stardust.mp3

2008-04-14 20:31 . 2008-04-14 20:33 6,478,158 --a------ C:\Foo Fighters - The Pretender.mp3

2008-04-14 20:30 . 2008-04-14 20:32 3,703,536 --a------ C:\Foo Fighters - Monkey Wrench.mp3

2008-04-13 00:30 . 2008-04-13 00:30 298,305 --a------ C:\WINDOWS\system32\gside.exe

2008-04-12 22:21 . 2008-04-12 22:21 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!

2008-04-12 22:13 . 2008-04-22 16:06 860 --a------ C:\WINDOWS\system32\winpfz33.sys

2008-04-12 22:11 . 2008-04-12 22:11 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll

2008-04-12 22:08 . 2008-04-12 22:08 <DIR> d-------- C:\WINDOWS\system32\HiFi

2008-04-12 22:07 . 2008-04-12 22:07 <DIR> d-------- C:\temp\wdlw14

2008-04-09 21:52 . 2008-04-09 21:52 <DIR> d-------- C:\Program Files\FretsOnFire

2008-04-08 20:22 . 2008-02-25 01:58 <DIR> d-------- C:\Program Files\raw

2008-04-08 20:22 . 2008-02-25 02:16 5,545,984 --a------ C:\Program Files\dwarfort.exe

2008-04-08 20:22 . 2004-10-18 11:04 161,280 --a------ C:\Program Files\fmod.dll

2008-04-08 20:22 . 2007-01-28 11:02 81,920 --a------ C:\Program Files\optipng.exe

2008-04-08 20:22 . 2007-11-22 02:26 1,162 --a------ C:\Program Files\command line.txt

2008-04-08 20:22 . 2007-10-29 13:45 435 --a------ C:\Program Files\compress_bitmaps.bat

2008-04-04 15:30 . 2008-04-04 15:30 <DIR> d-------- C:\WINDOWS\system32\Adobe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-24 02:07 --------- d-----w C:\Program Files\Delta Force Land Warrior

2008-04-20 03:18 --------- d-----w C:\Program Files\Toribash-3.1

2008-04-19 23:44 --------- d-----w C:\Documents and Settings\dcomito\Application Data\LimeWire

2008-04-19 02:54 --------- d-----w C:\Program Files\Toribash-3.06

2008-04-18 06:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-04-18 06:32 --------- d-----w C:\Program Files\Ahead

2008-04-18 06:24 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-18 06:24 --------- d--h--w C:\Documents and Settings\dcomito\Application Data\ijjigame

2008-04-18 06:24 --------- d-----w C:\Program Files\DriftCity

2008-04-18 06:23 --------- d-----w C:\Program Files\igLoader

2008-04-18 06:20 --------- d-----w C:\Program Files\VstPlugins

2008-04-18 06:20 --------- d-----w C:\Program Files\Image-Line

2008-04-18 06:19 --------- d-----w C:\Program Files\Canon

2008-04-16 05:17 --------- d-----w C:\Program Files\BitLord

2008-04-16 05:16 --------- d-----w C:\Program Files\Azureus

2008-04-16 04:50 --------- d-----w C:\Program Files\Lavasoft

2008-04-13 05:28 --------- d-----w C:\Documents and Settings\dcomito\Application Data\Azureus

2008-04-09 03:26 --------- d-----w C:\Program Files\Data

2008-04-09 03:23 27 ----a-w C:\Program Files\gamelog.txt

2008-04-07 17:14 --------- d-----w C:\Program Files\Project64 1.6

2008-03-31 01:37 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-14 03:55 --------- d-----w C:\Program Files\HL(2)

2008-03-14 03:34 --------- d-----w C:\Program Files\gmod9

2008-03-10 21:38 --------- d-----w C:\Program Files\Xfire

2008-03-09 21:34 --------- d-----w C:\Program Files\QuickTime

2008-03-01 23:39 --------- d-----w C:\Program Files\Audio Recorder for FREE

2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-29 05:36 --------- d-----w C:\Documents and Settings\dcomito\Application Data\Xfire

2008-02-28 01:50 --------- d-----w C:\Program Files\Microsoft Games

2008-02-27 06:15 --------- d-----w C:\Program Files\Game_Maker7

2008-02-25 08:56 19,481 ----a-w C:\Program Files\release notes.txt

2008-02-25 01:05 --------- d-----w C:\Documents and Settings\dcomito\Application Data\Audacity

2008-02-24 06:19 26,017 ----a-w C:\Program Files\file changes.txt

2008-02-24 04:31 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-02-24 04:31 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-02-23 22:34 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2008-02-21 01:57 54,608 ----a-w C:\WINDOWS\system32\xfcodec.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-16 14:02 8,230 ----a-w C:\Program Files\readme.txt

2008-02-11 19:51 10 -c--a-w C:\Program Files\.autoreg

2008-01-22 02:52 102 ----a-w C:\Program Files\eek.txt

2008-01-20 02:54 5,783 ----a-w C:\Program Files\install.log

2007-06-11 23:18 224,260,417 ----a-w C:\Program Files\GetAmpedSEA_SetupOpenBeta01.exe

2007-06-11 22:47 195,628,133 ----a-w C:\Program Files\GunzInstaller.exe

2007-06-11 22:23 133,746,915 ----a-w C:\Program Files\GunboundRV_setup.exe

2007-02-18 05:15 1,736 ----a-w C:\Program Files\Patcher.log

2007-02-07 02:29 774,144 ----a-w C:\Program Files\RngInterstitial.dll

2007-01-16 07:00 886 ----a-w C:\Program Files\optipng license.txt

2006-12-18 02:44 534,106 ----a-w C:\Program Files\XOM_log.txt

2006-12-18 02:20 8 -c--a-w C:\Program Files\launcher.dat

2006-12-01 05:35 32 -c--a-r C:\Documents and Settings\All Users\hash.dat

2006-11-25 21:36 30,069 ------w C:\Program Files\Tunnel.zip

2006-11-22 04:56 317,248 ------w C:\Program Files\dxwebsetup.exe

2006-11-20 05:55 16,854,780 ------w C:\Program Files\MaplePatch00034to00035.exe

2006-11-12 19:38 764,888 ------w C:\Program Files\FRAPS281.EXE

2006-09-24 03:36 29,420,996 ----a-w C:\Program Files\kong10012_part_eng.exe

2006-09-24 02:41 105,571,880 ----a-w C:\Program Files\KongKong Online.lnk

2004-01-20 04:03 290,816 ----a-w C:\Program Files\Launcher.exe

2004-01-20 03:53 37,285 ----a-w C:\Program Files\readme.rtf

2004-01-20 03:44 314 -c--a-w C:\Program Files\RUNME.reg

2002-12-26 05:31 10 -c--a-w C:\Program Files\_MASRIgames

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 18:43 4670704]

"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe" [ ]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-16 07:39 68856]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]

"TamaDcu"="C:\Program Files\Tamagotchi\Dcu\TamaDcu.exe" [2007-03-29 13:15 57344]

"ffki"="C:\PROGRA~1\COMMON~1\ffki\ffkim.exe" [ ]

"SUPERAntiSpyware"="C:\Documents and Settings\dcomito\Desktop\SUPERAntiSpyware\SUPERAntiSpyware.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 11:35 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 11:32 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 11:36 114688]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 03:48 157592]

"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 14:22 3739648]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-16 08:19 180269]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 15:22 35328]

"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 13:03 135168]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 16:15 366400]

"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 13:03 53248]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-09 14:34 385024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-16 07:39 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\tmp\\PSAdmin.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Crazy Zach\\bin\\Worms3D.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\c\\WWP.EXE"=

"C:\\Program Files\\Blockland\\Blockland.exe"=

"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=

"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"C:\\Program Files\\NovaLogic\\Delta Force\\Df.exe"=

"C:\\Program Files\\Armagetron Advanced\\armagetronad.exe"=

"C:\\Program Files\\Torque Game Engine Demo\\demo.exe"=

"C:\\Program Files\\NEXON\\MapleStory\\Patcher.exe"=

"C:\\Program Files\\NEXON\\MapleStory\\MapleStory.exe"=

"C:\\Nexon\\KartRider\\NMService.exe"=

"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

"C:\\Program Files\\Xfire\\xfire.exe"=

"C:\\Program Files\\Tech4Learning\\Frames\\Frames.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Program Files\\Midtown Madness 2.3\\Midtown2.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\HL(2)\\hlds.exe"=

"C:\\Program Files\\HL(2)\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping

"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R2 smp_lpt;smp_lpt;C:\WINDOWS\system32\drivers\smp_lpt.sys [2007-01-24 13:25]

S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 15:05]

S3 Dua1;Dua1;C:\DOCUME~1\dcomito\LOCALS~1\Temp\Rar$EX00.719\DualEngi.sys []

S3 GEMPC430;GEMPLUS GemPC430 USB Smart Card Reader;C:\WINDOWS\system32\DRIVERS\grclass.sys [2001-08-17 13:51]

S3 MzBot;MzBot;C:\MzBot.sys []

S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\System32\svchost.exe [2004-08-04 05:00]

S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\System32\svchost.exe [2004-08-04 05:00]

S3 p2psvc;Peer Networking;C:\WINDOWS\System32\svchost.exe [2004-08-04 05:00]

S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\System32\svchost.exe [2004-08-04 05:00]

S3 projectx1;projectx1;C:\Documents and Settings\dcomito\Desktop\ProjectX_4.0 Engine\ProjectX_4.0 Engine\FelipeZe.sys []

S3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 15:05]

S3 SoRa01;SoRa01;C:\DOCUME~1\dcomito\LOCALS~1\Temp\Rar$EX18.062\SoRa Remak Engine 2.6\SoRa.sys []

S3 trid3d;trid3d;C:\WINDOWS\system32\DRIVERS\trid3dm.sys [2001-08-17 05:51]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c7d37ea-19d1-11dc-a9a0-00e04cfb1f0d}]

\Shell\Auto\command - G:\Start.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc84716f-c75d-11da-a898-00e04cfb1f0d}]

\Shell\Auto\command - E:\Start.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.

Contents of the 'Scheduled Tasks' folder

"2008-04-18 22:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Program Files\Norton Security Scan\Nss.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-23 20:04:22

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-23 20:14:28

ComboFix-quarantined-files.txt 2008-04-24 03:14:08

ComboFix2.txt 2008-04-24 02:20:51

Pre-Run: 50,524,532,736 bytes free

Post-Run: 50,514,575,360 bytes free

282 --- E O F --- 2008-04-12 10:04:42

HiJack Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:18:05 PM, on 4/23/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Tamagotchi\Dcu\TamaDcu.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [TamaDcu] C:\Program Files\Tamagotchi\Dcu\TamaDcu.exe

O4 - HKCU\..\Run: [ffki] C:\PROGRA~1\COMMON~1\ffki\ffkim.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Documents and Settings\dcomito\Desktop\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')

O4 - Startup: AutoClick.lnk = C:\Program Files\AutoClick\AutoClick.exe

O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: &Search - ?p=ZNxmk762YYUS

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Get all flash - C:\Program Files\Super Flash Player Manager\source.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Super Flash Player - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\Program Files\Super Flash Player Manager\source.html

O9 - Extra 'Tools' menuitem: &Super Flash Player - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\Program Files\Super Flash Player Manager\source.html

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.toontown.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab

O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab

O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096149243552

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4.cab

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/ballistik...gwebinstall.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.18.37/ttinst.cab

O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab

O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab

O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://www.dotphoto.com/XUpload.ocx

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326

O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test.toontown.com/sv1.0.18...est/tt_test.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{507F3853-9B5C-4D4A-9892-641A37F32119}: NameServer = 192.168.1.1

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--

End of file - 11620 bytes
